agentforce-d360-analyze
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands via the Salesforce CLI (sf) to handle authentication and organization discovery. These calls use list-based argument passing to prevent shell injection and are necessary for retrieving the required access tokens for Data Cloud.
- [EXTERNAL_DOWNLOADS]: Fetches session audit data from official Salesforce Data Cloud REST APIs using the urllib library. The destination URLs are dynamically resolved from the user's authenticated Salesforce configuration.
- [SAFE]: Includes a dedicated fs_guard.py utility that enforces strict regex-based validation for all session identifiers and organization IDs. This prevents path-traversal attacks and ensures that audit files are stored securely within the designated local data directory.
Audit Metadata